diff --git a/API.md b/API.md
index e7eb7d6c..bcc75363 100644
--- a/API.md
+++ b/API.md
@@ -7,6 +7,9 @@ For full API documentation, see [localhost:8100/docs](localhost:8100/docs) after
 
 If you want to see the API docs before deployment, check out the [hosted docs here](https://opengpts-example-vz4y4ooboq-uc.a.run.app/docs).
 
+In the examples below, cookies are used as a mock auth method. For production, we recommend using JWT auth. Refer to the [auth guide for production](auth.md) for more information.
+When using JWT auth, you will need to include the JWT in the `Authorization` header as a Bearer token.
+
 ## Create an Assistant
 
 First, let's use the API to create an assistant. 
@@ -20,7 +23,7 @@ requests.post('http://127.0.0.1:8100/assistants', json={
   "public": True
 }, cookies= {"opengpts_user_id": "foo"}).content
 ```
-This is creating an assistant with name `"bar"`, with default configuration, that is public, and is associated with user `"foo"`. We are using cookies as a mock auth method (refer to the [auth guide](auth.md) for more information).
+This is creating an assistant with name `"bar"`, with default configuration, that is public, and is associated with user `"foo"`.
 
 This should return something like:
 
diff --git a/auth.md b/auth.md
index 485e0440..8f58efa6 100644
--- a/auth.md
+++ b/auth.md
@@ -39,3 +39,13 @@ export JWT_DECODE_KEY_B64=<base64_decode_key>
 Base64 is used for the decode key because handling multiline strings in environment
 variables is error-prone. Base64 makes it a one-liner, easy to paste in and use.
 
+
+## Making Requests
+
+To make authenticated requests, include the JWT in the `Authorization` header as a Bearer token:
+
+```
+Authorization: Bearer <JWT>
+```
+
+